ultimate referee ultimate automizer and incremental
play

Ultimate Referee, Ultimate Automizer, and Incremental Verification - PowerPoint PPT Presentation

Nov 23, 2022 •118 likes •775 views

Ultimate Referee, Ultimate Automizer, and Incremental Verification Matthias Heizmann University of Freiburg CPAchecker Workshop 2019 Outline Running Example and Floyd-Hoare Annotations Ultimate Referee A strict proof checker.

  1. Ultimate Referee, Ultimate Automizer, and Incremental Verification Matthias Heizmann University of Freiburg CPAchecker Workshop 2019

  2. Outline ◮ Running Example and Floyd-Hoare Annotations ◮ Ultimate Referee A strict proof checker. ◮ Trace Abstraction The verification approach of Ultimate Automizer ◮ Incremental Verification Using Trace Abstraction

  3. Running Example and Floyd-Hoare Annotation ℓ 0 assume p != 0; ℓ 0 : while(n >= 0) ℓ 1 : p != 0 { ℓ 2 : assert p != 0; ℓ 1 n < 0 ℓ 5 if(n == 0) n >= 0 { p := 0; ℓ 3 : n-- ℓ 2 p == 0 ℓ err } n == 0 ℓ 4 : n--; n != 0 ℓ 3 } p := 0 ℓ 4 pseudocode control flow graph

  4. Running Example and Floyd-Hoare Annotation Definition: ℓ 0 { ϕ } st { ϕ ′ } is valid Hoare triple p != 0 iff if program is in state that satisfies ϕ ℓ 1 n < 0 ℓ 5 and program executes st then program is in a state that satisfies ϕ ′ n >= 0 Example: n-- ℓ 2 p == 0 ℓ err n == 0 { p � = 0 ∨ n = − 1 } n>=0 { p � = 0 } n != 0 ℓ 3 p := 0 is a valid Hoare triple ℓ 4 control flow graph

  5. Running Example and Floyd-Hoare Annotation Definition: A Floyd-Hoare annotation is a map- ping that assigns each location ℓ i a for- true ℓ 0 mula ϕ i such that there is an edge ϕ i ℓ i ℓ j ϕ j st p != 0 true only if the Hoare triple ℓ 1 n < 0 ℓ 5 { ϕ } st { ϕ ′ } p � = 0 ∨ n = − 1 is valid. n >= 0 false Proposition: ℓ 2 ℓ err n-- p == 0 p � = 0 n == 0 Given a program P , if there is a Floyd- n != 0 ℓ 3 Hoare annotation such that n = 0 p := 0 ◮ every initial location is labeled ℓ 4 with true and p � = 0 ∨ n = 0 ◮ every error location is labeled control flow graph with false then P is correct.

  6. Outline ◮ Running Example and Floyd-Hoare Annotations ◮ Ultimate Referee A strict proof checker. ◮ Trace Abstraction The verification approach of Ultimate Automizer ◮ Incremental Verification Using Trace Abstraction

  7. Correctness Witnesses: Control-flow graph annotated by invariants ◮ not required to annoted every location ◮ invariants to not have to be inductive ◮ invariants do not have to be sufficient

  8. Correctness Witnesses: Control-flow graph annotated by invariants ◮ not required to annoted every location ◮ invariants to not have to be inductive ◮ invariants do not have to be sufficient Shortcomings of Ultimate Automizer as Witness validator ◮ Different tools have different notions of a control-flow graph we cannot always match invariants to the intended location.

  9. Obstacles ◮ procedure entry values

  10. Obstacles ◮ procedure entry values ◮ valid memory

  11. Obstacles ◮ procedure entry values ◮ valid memory ◮ programs with gotos

  12. Outline ◮ Running Example and Floyd-Hoare Annotations ◮ Ultimate Referee A strict proof checker. ◮ Trace Abstraction The verification approach of Ultimate Automizer ◮ Incremental Verification Using Trace Abstraction

  13. Trace Abstraction Matthias Heizmann, Jochen Hoenicke, and Andreas Podelski. “Refine- ment of Trace Abstraction”. In: SAS . vol. 5673. Lecture Notes in Com- puter Science. Springer, 2009, pp. 69–85 Matthias Heizmann, Jochen Hoenicke, and Andreas Podelski. “Nested interpolants”. In: POPL . ACM, 2010, pp. 471–482 Matthias Heizmann, Jochen Hoenicke, and Andreas Podelski. “Software Model Checking for People Who Love Automata”. In: CAV . vol. 8044. Lecture Notes in Computer Science. Springer, 2013, pp. 36–52

  14. Trace Abstraction: Basic Notions ◮ trace ℓ 0 sequence of statements p != 0 p != 0 ◮ error trace ℓ 1 ℓ 5 n < 0 labeling along path from initial location to error n >= 0 n >= 0 location ℓ 2 ℓ err n-- p == 0 p == 0 ◮ infeasible trace n == 0 ℓ 3 n != 0 trace π such that Hoare p := 0 triple ℓ 4 program P examples infeasible feasible error trace of P ? p != 0 n >= 0 p == 0 not error trace of P n == 0 n-- n == 0 n >= 0 n-- n == 0

  15. Trace Abstraction: Approach Show that every error trace is infeasible. Decompose infeasible error traces into sets such that there is a “simple” infeasibility proof for each set.

  16. Trace Abstraction: Approach Show that every error trace is infeasible. Decompose infeasible error traces into sets such that there is a “simple” infeasibility proof for each set. ℓ 0 ◮ Reason 1: If we assume that p != 0 p is not 0 and do not modify p then p cannot be 0. ℓ 1 n < 0 ℓ 5 n >= 0 ◮ Reason 2: If we assume that n-- ℓ 2 p == 0 ℓ err n is 0 and we decrement n n == 0 then n cannot be n != 0 ℓ 3 p := 0 non-negative. ℓ 4 program P

  17. Trace Abstraction: Technical Implementation Implementation based on automata theory Set of statements: alphabet of formal language here: Σ = { p != 0 , n >= 0 , n == 0 , p := 0 , n != 0 , p == 0 , n-- , n < 0 } ◮ Set of traces: automaton over the alphabet ℓ 0 of statements p != 0 ◮ Control flow graph: ℓ 1 n < 0 ℓ 5 automaton over the alphabet of statements n >= 0 ◮ Error location: n-- ℓ 2 p == 0 ℓ err accepting state of this n == 0 n != 0 ℓ 3 automaton p := 0 ◮ Error trace of program: word ℓ 4 accepted by this automaton program P

  18. Trace Abstraction: Example ℓ 0 assume p != 0; ℓ 0 : while(n >= 0) ℓ 1 : p != 0 { ℓ 2 : assert p != 0; ℓ 1 n < 0 ℓ 5 if(n == 0) n >= 0 { p := 0; ℓ 3 : n-- ℓ 2 p == 0 ℓ err } n == 0 ℓ 4 : n--; n != 0 ℓ 3 } p := 0 ℓ 4 pseudocode control flow graph

  19. Trace Abstraction: Example ℓ 0 assume p != 0; ℓ 0 : while(n >= 0) ℓ 1 : p != 0 p != 0 { ℓ 2 : assert p != 0; ℓ 1 n < 0 ℓ 5 if(n == 0) n >= 0 n >= 0 { p := 0; ℓ 3 : n-- ℓ 2 p == 0 p == 0 ℓ err } n == 0 ℓ 4 : n--; n != 0 ℓ 3 } p := 0 ℓ 4 pseudocode control flow graph

  20. Trace Abstraction: Example 1. take trace π 1 p != 0 n >= 0 p == 0

  21. Trace Abstraction: Example 1. take trace π 1 2. consider trace as program A 1 p != 0 n >= 0 p == 0 1: assume p != 0; 2: assume n >= 0; 3: assert p != 0; pseudocode of A 1

  22. Trace Abstraction: Example true 1. take trace π 1 2. consider trace as program A 1 p != 0 3. analyze correctness of A 1 p � = 0 n >= 0 p � = 0 p == 0 false � � �

  23. Trace Abstraction: Example true 1. take trace π 1 2. consider trace as program A 1 p != 0 3. analyze correctness of A 1 p � = 0 4. generalize program A 1 ◮ add transitions n >= 0 p � = 0 n-- p == 0 false { p � = 0 } { p � = 0 } is valid Hoare triple n-- � � �

  24. Trace Abstraction: Example true 1. take trace π 1 2. consider trace as program A 1 p != 0 3. analyze correctness of A 1 p � = 0 4. generalize program A 1 ◮ add transitions n >= 0 n != 0 p � = 0 n-- p == 0 false { p � = 0 } { p � = 0 } is valid Hoare triple n-- � � � { p � = 0 } { p � = 0 } is valid Hoare triple n != 0

  25. Trace Abstraction: Example true 1. take trace π 1 2. consider trace as program A 1 p != 0 3. analyze correctness of A 1 p � = 0 4. generalize program A 1 ◮ add transitions n >= 0 n != 0 p � = 0 n-- n >= 0 p == 0 false { p � = 0 } { p � = 0 } is valid Hoare triple n-- � � � { p � = 0 } { p � = 0 } is valid Hoare triple n != 0 { p � = 0 } { p � = 0 } is valid Hoare triple n >= 0

  26. Trace Abstraction: Example true 1. take trace π 1 2. consider trace as program A 1 p != 0 3. analyze correctness of A 1 p � = 0 4. generalize program A 1 ◮ add transitions n >= 0 all \{ p := 0 } p � = 0 p == 0 false � � �

  27. Trace Abstraction: Example true all 1. take trace π 1 2. consider trace as program A 1 p != 0 3. analyze correctness of A 1 p � = 0 all \{ p := 0 } 4. generalize program A 1 ◮ add transitions n >= 0 all \{ p := 0 } p � = 0 p == 0 false all � � �

  28. Trace Abstraction: Example q 0 true Σ 1. take trace π 1 2. consider trace as program A 1 p != 0 3. analyze correctness of A 1 4. generalize program A 1 Σ \{ p := 0 } ◮ add transitions q 1 p � = 0 ◮ merge locations p == 0 q 2 false Σ � � �

  29. Trace Abstraction: Example q 0 ℓ 0 true Σ p != 0 p != 0 ℓ 1 ℓ 5 n < 0 Σ \{ p := 0 } q 1 n >= 0 p � = 0 n-- ℓ 2 p == 0 ℓ err n == 0 p == 0 n != 0 ℓ 3 p := 0 ? � � � q 2 ℓ 4 false Σ program P program A 1

  30. Trace Abstraction: Example q 0 ℓ 0 true Σ p != 0 p != 0 ℓ 1 ℓ 5 n < 0 Σ \{ p := 0 } q 1 n >= 0 p � = 0 n-- ℓ 2 p == 0 ℓ err n == 0 p == 0 n != 0 ℓ 3 p := 0 ? � � � q 2 ℓ 4 false Σ program P program A 1

  31. Trace Abstraction: Example q 0 ℓ 0 true Σ p != 0 p != 0 ℓ 1 ℓ 5 n < 0 Σ \{ p := 0 } q 1 n >= 0 p � = 0 n-- ℓ 2 p == 0 ℓ err n == 0 p == 0 n != 0 ℓ 3 p := 0 ? � � � q 2 ℓ 4 false Σ program P program A 1 Consider P and A 1 as au- A 1 tomata and consider con- struct set theoretic differ- P ence L ( P ) \ L ( A 1 ).

  32. Trace Abstraction: Example q 0 ℓ 0 Σ p != 0 p != 0 ℓ 1 ℓ 5 n < 0 Σ \{ p := 0 } q 1 n >= 0 n-- ℓ 2 p == 0 ℓ err n == 0 p == 0 n != 0 ℓ 3 p := 0 ? � � � q 2 ℓ 4 Σ program P program A 1 Consider P and A 1 as au- A 1 tomata and consider con- struct set theoretic differ- P ence L ( P ) \ L ( A 1 ).

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

PHASE IA PLAN ULTIMATE PLAN 13 PHASE IB PLAN ULTIMATE PLAN 14 ULTIMATE PLAN ULTIMATE PLAN

PHASE IA PLAN ULTIMATE PLAN 13 PHASE IB PLAN ULTIMATE PLAN 14 ULTIMATE PLAN ULTIMATE PLAN

PHASE IA PLAN ULTIMATE PLAN 13 PHASE IB PLAN ULTIMATE PLAN 14 ULTIMATE PLAN ULTIMATE PLAN 15 FOR ILLUSTRATIVE PURPOSES ONLY - - - FIGURE 11 - Leeward Community College Station Area Illustrative Plan 52

74 views • 4 slides
Ultimate Media What is the utility of an industry Ultimate Media Media Access and Information

Ultimate Media What is the utility of an industry Ultimate Media Media Access and Information

Ultimate Media What is the utility of an industry Ultimate Media Media Access and Information in a context of rich data, social interaction, infinite bandwidth, and no silos Narrative, news and spectacle Ultimate Media Explore Visual

333 views • 22 slides
Preliminary Calculations of CPA Properties of G10 Ultimate stress 32000 psi ultimate psi

Preliminary Calculations of CPA Properties of G10 Ultimate stress 32000 psi ultimate psi

Preliminary Calculations of CPA Properties of G10 Ultimate stress 32000 psi ultimate psi kg kg Density 1800 G10 m 3 Modulus 19.1 GPa E G10 GPa 9.6 10 6 cm cm Coefficient of thermal expansion

167 views • 5 slides
ULTIMATE-Subaru \ ULTIMATE-SUBARU PROJECT OVERVIEW SUBARU STRATEGIC PLAN TOWARD 2020 AND BEYOND

ULTIMATE-Subaru \ ULTIMATE-SUBARU PROJECT OVERVIEW SUBARU STRATEGIC PLAN TOWARD 2020 AND BEYOND

() ULTIMATE-Subaru Christophe Clergeon,

439 views • 24 slides
ULTIMATE: AN EMERGING SPORT VERMONTS EXPERIENCE BOB JOHNSON ASSOC. EXECUTIVE DIRECTOR VERMONT

ULTIMATE: AN EMERGING SPORT VERMONTS EXPERIENCE BOB JOHNSON ASSOC. EXECUTIVE DIRECTOR VERMONT

ULTIMATE: AN EMERGING SPORT VERMONTS EXPERIENCE BOB JOHNSON ASSOC. EXECUTIVE DIRECTOR VERMONT PRINCIPALS ASSOC . ULTIMATE NOT FRISBEE!!!!!!! How did we get started? Summer 2014 approached by VT Youth Ultimate League (VYUL)

474 views • 11 slides
ULTIMATE-Subaru Science Team Status Yusei Koyama (Subaru Telescope) ULTIMATE-Subaru Science

ULTIMATE-Subaru Science Team Status Yusei Koyama (Subaru Telescope) ULTIMATE-Subaru Science

ULTIMATE-Subaru Collaboration Meeting 2018 (2018/1/16) ULTIMATE-Subaru Science Team Status Yusei Koyama (Subaru Telescope) ULTIMATE-Subaru Science Team ULTIMATE-Subaru: GLAO + new IR inst. MOIRCS x 7 ! IRCS x 200 ! Subaru/MOIRCS Subaru/IRCS

579 views • 14 slides
FBBB - The Ultimate Presentation Script Ok, regardless of what you may have been taught, there are

FBBB - The Ultimate Presentation Script Ok, regardless of what you may have been taught, there are

FB Bot Bonanza - The Ultimate Presentation FBBB - The Ultimate Presentation Script Ok, regardless of what you may have been taught, there are only 2 reasons to advertise And that is to market yourself and to generate leads . Whether its a

401 views • 3 slides
Offline Inbox Interceptor - Ultimate Presentation Offline Inbox Interceptor - Ultimate

Offline Inbox Interceptor - Ultimate Presentation Offline Inbox Interceptor - Ultimate

Offline Inbox Interceptor - Ultimate Presentation Offline Inbox Interceptor - Ultimate Presentation Ok, regardless of what you may have been taught, there are only 2 reasons to advertise And that is to market yourself and to generate leads .

271 views • 4 slides
ULTIMATE AO simulations Australian National University Research School of Astronomy and

ULTIMATE AO simulations Australian National University Research School of Astronomy and

ULTIMATE AO simulations Australian National University Research School of Astronomy and Astrophysics Francois Rigaut, Visa Korkiakoski Outline Introduction &amp; background Simulation results Next steps Conclusions ULTIMATE-Subaru meeting.

350 views • 23 slides
DBE/SB Workshop July 25-26, 2013 Loreen Bobo, PE I-4 Ultimate Construction Program Manager

DBE/SB Workshop July 25-26, 2013 Loreen Bobo, PE I-4 Ultimate Construction Program Manager

I-4 Ultimate DBE/SB Workshop July 25-26, 2013 Loreen Bobo, PE I-4 Ultimate Construction Program Manager Nondiscrimination Statement This meeting, project or study is being conducted without regard to race, color, national origin, age, sex,

505 views • 48 slides
ULTIMATE A Multicenter, Prospective, Randomized Trial Comparing Intravascular Ultrasound-guided

ULTIMATE A Multicenter, Prospective, Randomized Trial Comparing Intravascular Ultrasound-guided

ULTIMATE ULTIMATE A Multicenter, Prospective, Randomized Trial Comparing Intravascular Ultrasound-guided versus Angiography-guided Implantation of Drug-Eluting Stent in All-comers Jun-Jie Zhang, MD, PhD Xiaofei Gao, Jing Kan, Zhen Ge, Leng

244 views • 9 slides
Ultimate Debian Database Lucas Nussbaum Debconf16 Lucas Nussbaum Ultimate Debian Database 1

Ultimate Debian Database Lucas Nussbaum Debconf16 Lucas Nussbaum Ultimate Debian Database 1

Ultimate Debian Database Lucas Nussbaum Debconf16 Lucas Nussbaum Ultimate Debian Database 1 / 15 Debian: the data hell A lot of different sources of data in Debian With different data formats: text files, BerkeleyDB, SQL databases, JSON,

200 views • 17 slides
INTRODUCTION Design Criteria Phase 1 Ultimate Parcels / Users 300 / 800 1100 / 1900 Max Day

INTRODUCTION Design Criteria Phase 1 Ultimate Parcels / Users 300 / 800 1100 / 1900 Max Day

SCOTCH CREEK - WATER MASTER PLAN 2018 1 INTRODUCTION Design Criteria Phase 1 Ultimate Parcels / Users 300 / 800 1100 / 1900 Max Day Demand 40-60 L/s 90 L/s Vision Fireflow Target &gt; 60 L/s &gt; 90 L/s Ultimate system design needs to

320 views • 8 slides
Limiting Factors to Participation in USA Ultimate in Comparison to US Lacrosse Michael Agarenzo

Limiting Factors to Participation in USA Ultimate in Comparison to US Lacrosse Michael Agarenzo

Limiting Factors to Participation in USA Ultimate in Comparison to US Lacrosse Michael Agarenzo Russel Kamal What is Ultimate? Growth Rate of Ultimate vs Lacrosse Growth Rate: 16.35835% Growth Rate: 10.40598% Why does participation differ

123 views • 8 slides
SWIMS-18, PFS 2 , and ULTIMATE-K Tadayuki Kodama (Tohoku Univ.) HSC-HSC/PFS-PFS, Mahalo-Subaru,

SWIMS-18, PFS 2 , and ULTIMATE-K Tadayuki Kodama (Tohoku Univ.) HSC-HSC/PFS-PFS, Mahalo-Subaru,

NIR Wide-Field Workshop NAOJ Mitaka 2019/7/1-2 SWIMS-18, PFS 2 , and ULTIMATE-K Tadayuki Kodama (Tohoku Univ.) HSC-HSC/PFS-PFS, Mahalo-Subaru, SWIMS-18, and ULTIMATE-Subaru teams A galaxy cluster RXJ0152 at z=0.83 (Subaru/Suprime-Cam)

285 views • 25 slides
Titus Titus 2:4 2:4-5 I. Sensitiv I. Sensitive e Titus Titus 2:4 2:4 God's Ultimate

Titus Titus 2:4 2:4-5 I. Sensitiv I. Sensitive e Titus Titus 2:4 2:4 God's Ultimate

God's Ultimate Woman Titus Titus 2:4 2:4-5 I. Sensitiv I. Sensitive e Titus Titus 2:4 2:4 God's Ultimate Woman Titus Titus 2:4 2:4-5 II. Self II. Self Contr Controlled olled Titus Titus 2:5 2:5 God's Ultimate

544 views • 9 slides
ONE BIG GOAL OF THE SEASON TOGETHER Lets create a positive environment for kids to play

ONE BIG GOAL OF THE SEASON TOGETHER Lets create a positive environment for kids to play

ONE BIG GOAL OF THE SEASON TOGETHER Lets create a positive environment for kids to play and learn basketball. What can we do? Sample pre-game speech approved by the League Offices of MISSION 5&amp;2 enjoy! Coach Norman Dale from

342 views • 12 slides
Reviews, Responses, and Panels John A Clark So who decides who gets a grant? Reviewers and

Reviews, Responses, and Panels John A Clark So who decides who gets a grant? Reviewers and

Reviews, Responses, and Panels John A Clark So who decides who gets a grant? Reviewers and Panels In most cases your proposal goes out to peer review from experts in your proposals field. They will examine your proposal and write reports

548 views • 12 slides
Aggregating Referee Scores: an Algebraic Approach Rolf Haenni R easoning under UN certainty Group

Aggregating Referee Scores: an Algebraic Approach Rolf Haenni R easoning under UN certainty Group

Introduction Problem Formulation The Opinion Calculus Evaluating Referee Scores Conclusion Aggregating Referee Scores: an Algebraic Approach Rolf Haenni R easoning under UN certainty Group Institute of Computer Science and Applied

453 views • 32 slides
Adding a referee to an interconnection network: What can be computed with little local

Adding a referee to an interconnection network: What can be computed with little local

Introduction Another model Can be done Cannot be done Conclusion Adding a referee to an interconnection network: What can be computed with little local information Florent Becker, Martin Matamala, Nicolas Nisse, Ivan Rapaport, Karol Suchan,

597 views • 25 slides
Entanglement requirements in non-local games William Slofstra IQC, University of Waterloo August

Entanglement requirements in non-local games William Slofstra IQC, University of Waterloo August

Entanglement requirements in non-local games William Slofstra IQC, University of Waterloo August 31, 2017 Entanglement requirements in non-local games William Slofstra Non-local games (aka Bell scenarios) Win/lose based on outputs a , b

466 views • 31 slides
Optimal Lower Bounds for Distributed and Streaming Spanning Forest Computation Huacheng Yu Oct

Optimal Lower Bounds for Distributed and Streaming Spanning Forest Computation Huacheng Yu Oct

Optimal Lower Bounds for Distributed and Streaming Spanning Forest Computation Huacheng Yu Oct 18, 2018 Harvard University Joint work with Jelani Nelson Warm-up Consider the following dynamic problem: edges are inserted into an initially

1.13k views • 72 slides
Gminus2 computing funds requests Alberto Lusiani Scuola Normale Superiore and INFN, sezione di

Gminus2 computing funds requests Alberto Lusiani Scuola Normale Superiore and INFN, sezione di

Gminus2 computing funds requests Alberto Lusiani Scuola Normale Superiore and INFN, sezione di Pisa Gminus2 referee meeting, Pisa, 11 September 2019 Gminus2 computing funds requests Outline I E989 datasets: past and present estimates I CPU,

599 views • 14 slides
Mini-Series: Own your CV Episode 5 Interests, Additional Information and Referees Additional

Mini-Series: Own your CV Episode 5 Interests, Additional Information and Referees Additional

Mini-Series: Own your CV Episode 5 Interests, Additional Information and Referees Additional Information Wha What we wi will be be focus using ng Interests and Hobbies on i on in t this epis episode de Referees ADDITIONAL

695 views • 13 slides

More recommend